This copy is for your personal, non-commercial use only. Distribution and use of this material are governed by our Subscriber Agreement and by copyright law. For non-personal use or to order multiple copies, please contact Dow Jones Reprints at 1-800-843-0008 or visit www.djreprints.com.
https://www.wsj.com/articles/china-police-database-was-left-open-online-for-over-a-year-enabling-leak-11657119903
Listen to article
(2 minutes)
What is likely one of history’s largest heists of personal data—and .wsj-1h1us5y-StyledLink{color:var(–interactive-text-color);-webkit-text-decoration:underline;text-decoration:underline;}.wsj-1h1us5y-StyledLink:hover{-webkit-text-decoration:none;text-decoration:none;}the largest known cybersecurity breach in China—occurred because of a common vulnerability that left the data open for the taking on the internet, say cybersecurity experts who discovered the security flaw earlier this year.
The Shanghai police records—containing the names, government ID numbers, phone numbers and incident reports of nearly 1 billion Chinese citizens—were stored securely, according to the cybersecurity experts. But a dashboard for managing and accessing the data was set up on a public web address and left open without a password, which allowed anyone with relatively basic technical knowledge to waltz in and copy or steal the trove of information, they said.
Continue reading your article with
a WSJ membership
WSJ Membership
Customer Service
Tools & Features
Ads
More
Dow Jones Products
WSJ Membership
Customer Service
Tools & Features
Ads
More
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved
This copy is for your personal, non-commercial use only. Distribution and use of this material are governed by our Subscriber Agreement and by copyright law. For non-personal use or to order multiple copies, please contact Dow Jones Reprints at 1-800-843-0008 or visit www.djreprints.com.